Cross-Site Scripting Vulnerability in Code-Projects Client Details System
CVE-2025-12281

4.8MEDIUM

Key Information:

Vendor: Code-projects
Status: Client Details System
Vendor: CVE Published:; 27 October 2025

🔔 Create Code-projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-12281?

A cross-site scripting vulnerability exists in the Code-Projects Client Details System version 1.0, specifically within the /admin/clientview.php file. This vulnerability allows attackers to execute malicious scripts in the context of a user's browser, potentially compromising sensitive data. The exploit can be carried out remotely, and given that it has been publicly disclosed, there is a heightened risk for exploitation. Web administrators are advised to apply security patches and implement input validation measures to mitigate this threat.

Affected Version(s)

Client Details System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-12281 - Proof of Concept